1995-09-22 - Re: Another Netscape Bug (and possible security hole)

Header Data

From: futplex@pseudonym.com (Futplex)
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Message Hash: 066ea4f92849d2c8c902eb038460e8171db235a2751096e6f70b304b30dd9742
Message ID: <9509220652.AA06103@cs.umass.edu>
Reply To: <199509220612.CAA11441@clark.net>
UTC Datetime: 1995-09-22 06:52:42 UTC
Raw Date: Thu, 21 Sep 95 23:52:42 PDT

Raw message

From: futplex@pseudonym.com (Futplex)
Date: Thu, 21 Sep 95 23:52:42 PDT
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Re: Another Netscape Bug (and possible security hole)
In-Reply-To: <199509220612.CAA11441@clark.net>
Message-ID: <9509220652.AA06103@cs.umass.edu>
MIME-Version: 1.0
Content-Type: text/plain


Ray Cromwell writes:
> I've found a Netscape bug which I suspect is a buffer overflow and
> may have the potential for serious damage. If it is an overflow bug,
> then it may be possible to infect every computer which accesses a web
> page with Netscape. To see the bug, create an html file containing
> the following:

Oh brother, this is unbelievable!

I'm using Netscape 1.1N under SunOS 4.1.2.

It turns out that the same (or a similar) flaw resides in the Open Location
input routine -- perhaps this merely coincides with the code called when a
URL is clicked. Anyway, pasting a URL with an overlong domain name a la Ray's
example causes two things:

(1) Part of the Open Location window widget, below the entry box, gets
overwritten onscreen with a portion of the entered URL.

(2) Netscape crashes with a segmentation fault (no core dump that I can see).

-Futplex <futplex@pseudonym.com>
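
The overrun Futplex describes, rendered as an added C example (this is not Netscape's code and not from the thread; the widget layout, the buffer sizes and every function name below are assumptions made for illustration): a fixed-size hostname field with the widget label laid out directly behind it, filled first by an unchecked copy and then by a copy that rejects an overlong host. The unchecked copy shows URL bytes landing in the label, the on-screen corruption in point (1); in the real program the copy has no cap at all and runs off the end of the object, which is the segmentation fault in point (2).

```c
#include <stdio.h>
#include <string.h>

/* Added illustration, not Netscape's code.  Field sizes, layout and names
 * are assumptions chosen for the demonstration. */
#define HOST_MAX  32
#define LABEL_MAX 32

/* One byte array models the widget's memory: host field first, the label
 * drawn beneath the entry box right after it.  Keeping both in one object
 * means an overrun of the host field is still a write inside the object
 * (the demonstration stays defined) and lands exactly where the real overrun
 * would: in the label text. */
struct location_widget {
    char mem[HOST_MAX + LABEL_MAX];
};

static char *widget_host(struct location_widget *w)  { return w->mem; }
static char *widget_label(struct location_widget *w) { return w->mem + HOST_MAX; }

static void widget_init(struct location_widget *w, const char *label)
{
    memset(w->mem, 0, sizeof w->mem);
    snprintf(widget_label(w), LABEL_MAX, "%s", label);
}

/* Host component of a scheme://host[:port][/path] URL: the bytes after "://"
 * up to the next '/' or ':'.  Returns its length, or -1 if there is no
 * scheme separator.  (userinfo@ syntax is deliberately not handled.) */
static int url_host_span(const char *url, const char **start)
{
    const char *p = strstr(url, "://");
    if (p == NULL) return -1;
    p += 3;
    *start = p;
    return (int)strcspn(p, "/:");
}

/* Vulnerable: copies as many host bytes as the URL carries.  The only cap is
 * the size of the whole widget, added so this model never writes outside its
 * own object; the real bug has no cap and keeps writing past the widget.
 * Everything beyond HOST_MAX bytes clobbers the label. */
int set_host_unchecked(struct location_widget *w, const char *url)
{
    const char *h;
    int n = url_host_span(url, &h);
    if (n < 0) return -1;
    if ((size_t)n > sizeof w->mem) n = (int)sizeof w->mem;  /* model limit only */
    memcpy(widget_host(w), h, (size_t)n);                   /* no HOST_MAX check */
    if ((size_t)n < sizeof w->mem) widget_host(w)[n] = '\0';
    return n;
}

/* Hardened: refuse a host that does not fit with room for the NUL.  Rejecting
 * beats silent truncation, which would quietly connect to a different host
 * than the one the user typed. */
int set_host_checked(struct location_widget *w, const char *url)
{
    const char *h;
    int n = url_host_span(url, &h);
    if (n < 0) return -1;
    if ((size_t)n >= HOST_MAX) return -2;
    memcpy(widget_host(w), h, (size_t)n);
    widget_host(w)[n] = '\0';
    return n;
}

/* Constructed input: "http://" + hostlen 'A' bytes + "/index.html". */
static void build_long_url(char *buf, size_t bufsz, size_t hostlen)
{
    size_t pre = strlen("http://");
    if (pre + hostlen + strlen("/index.html") + 1 > bufsz) { buf[0] = '\0'; return; }
    memcpy(buf, "http://", pre);
    memset(buf + pre, 'A', hostlen);
    strcpy(buf + pre + hostlen, "/index.html");
}

/* 50-byte host through the unchecked copy: how many 'A' bytes now sit in the
 * label field, i.e. the on-screen corruption.  Expected 50 - HOST_MAX = 18. */
int label_bytes_clobbered(void)
{
    struct location_widget w;
    char url[128];
    build_long_url(url, sizeof url, 50);
    widget_init(&w, "Open Location");
    set_host_unchecked(&w, url);
    return (int)strspn(widget_label(&w), "A");
}

/* Same URL through the checked copy: 1 if it is refused and the label is intact. */
int checked_rejects_long_host(void)
{
    struct location_widget w;
    char url[128];
    build_long_url(url, sizeof url, 50);
    widget_init(&w, "Open Location");
    return set_host_checked(&w, url) == -2 &&
           strcmp(widget_label(&w), "Open Location") == 0;
}

/* Ordinary URL through the checked copy: host length if the host was stored
 * correctly, -99 otherwise. */
int checked_normal_host_len(void)
{
    struct location_widget w;
    widget_init(&w, "Open Location");
    int n = set_host_checked(&w, "http://www.example.com/index.html");
    return strcmp(widget_host(&w), "www.example.com") == 0 ? n : -99;
}

int main(void)
{
    printf("normal URL: host length %d\n", checked_normal_host_len());
    printf("unchecked copy put %d URL bytes into the label\n", label_bytes_clobbered());
    printf("checked copy rejects it and keeps the label: %d\n", checked_rejects_long_host());
    return 0;
}
```

Build with a plain `cc` and run; a host of 50 bytes against a 32-byte field leaves 18 bytes of URL in the label, while a host that would actually run past the widget is what turns the visible corruption into the crash in the message.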
